bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix buffer overflow in helpfile processing. Bugreport from Anton Gorlov 2:5059/37

Browse Source
This commit is contained in:
Stas Degteff 2011-05-24 21:22:16 +00:00
parent a373628e84
commit fce08eec1e
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
golded3/gcmisc.cpp
View File

@ -80,7 +80,7 @@ int ReadHelpCfg(int force) {
comment = NO; comment = NO;
HlpL[counter].help = atow(buf+3); HlpL[counter].help = atow(buf+3);
ptr = strchr(buf, ','); ptr = strchr(buf, ',');
strbtrim(strcpy(HlpL[counter].category, ptr ? ptr+1 : "")); strbtrim(strxcpy(HlpL[counter].category, ptr ? ptr+1 : "", sizeof(HlpL[counter].category)));
HlpL[counter].offset = offset + strlen(buf); HlpL[counter].offset = offset + strlen(buf);
counter++; counter++;
} }

2
golded3/geline.cpp
View File

@ -2823,7 +2823,7 @@ void MsgLineReIndex(GMsg* msg, int viewhidden, int viewkludge, int viewquote) {
line = line->next; line = line->next;
} }
msg->line = (Line**)throw_xcalloc(msg->lines+2, sizeof(Line*)); msg->line = (Line**)throw_xcalloc(msg->lines+2, sizeof(Line*)); // FIXME: Memory Leak
x = 0; x = 0;
msg->lines = 0; msg->lines = 0;

2
golded3/gepost.cpp
View File

@ -198,7 +198,7 @@ void CheckSubject(GMsg* msg, char* subj) {
{ {
ISub subject; ISub subject;
gsprintf(PRINTF_DECLARE_BUFFER(subject), "%s%s%s%s%s ", fspec[x].delsent ? "^" : "", ReMapPath(fspec[x].path), fspec[x].fblk ? (fspec[x].fblk[m].name ? fspec[x].fblk[m].name : "") : "", *fspec[x].password ? " " : "", fspec[x].password); gsprintf(PRINTF_DECLARE_BUFFER(subject), "%s%s%s%s%s ", fspec[x].delsent ? "^" : "", ReMapPath(fspec[x].path), fspec[x].fblk ? (fspec[x].fblk[m].name ? fspec[x].fblk[m].name : "") : "", *fspec[x].password ? " " : "", fspec[x].password);
if ((strlen(buf) + strlen(subject)) > 71) if ((strlen(buf) + strlen(subject)) > 71)
{ {
n++; n++;